DP's Security Bits
http://blogs.msmvps.com/donpatterson

Yet Another Cleaner, Yet Another Stealer
http://blogs.msmvps.com/donpatterson/2015/03/03/yet-another-cleaner-yet-another-stealer/
Tue, 03 Mar 2015 19:51:22 +0000

Recently, we discovered that a relatively popular “anti-malware” product known as “Yet Another Cleaner” or YAC for short, has been claiming to be an affiliate of Malwarebytes in addition to using a lot of our detection names as their own. We looked deeper into their operation and found some pretty amazing and ugly things.

The Malwarebytes research team has determined that BrowseFox is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

The Malwarebytes research team has determined that CinemaDigitalPro1.4V10 is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

New TeslaCrypt Ransomware sets its scope on video gamers
http://blogs.msmvps.com/donpatterson/2015/02/27/new-teslacrypt-ransomware-sets-its-scope-on-video-gamers/
Fri, 27 Feb 2015 19:51:37 +0000

A new ransomware called TeslaCrypt was discovered by Fabian Wosar of Emsisoft that encrypts your files using AES encryption and then demands a ransom payment in order to decrypt your files. What makes TeslaCrypt different than other ransomware is its attempt to cash in on the $81 billion game market by placing a strong emphasis on encrypting video game related files. Unlike other ransomware that typically target images, documents, videos, and applications databases, TeslaCrypt also targets over 40 different video game related files. The game files being targeted belong to games such as RPG Maker, Call of Duty, Dragon Age, StarCraft, MineCraft, World of Warcraft, World of Tanks, and Steam.

Improved History processing now includes the history of any items restored. For example, when a file is removed from the Startup tab, it displays “START_Remove”. If the file is restored, a “START_Restored” entry is added to give confirmation and so you can track what has been done.

Fixed a bug in History Restore functionality that caused restores to fail on many occasions.

Improved automatic clean-up and removal of files no longer on your computer from the WinPatrol database.

Updated alert processing to help eliminate repeat alerts.

Added code so that users of BitDefender 2015 should be able to use AutoPilot without receiving repeated alerts.

Fixed upgrade bug that results in two versions of WinPatrol running for some customers.

Added “First Detected” column to the Delayed Start Tab.

Added “Status” column to the Startup Programs Tab. Currently we do not recognize when 64-bit programs are running; we will have a full 64-bit version of WinPatrol available later this year.

Program description now displays in WinPatrol Explorer footer when highlighting a program.

Fixed sorting on date columns.

Fixed a bug in Registry Monitoring that resulted in some keys not being monitored as they should have been.

Added a note to the Cookies tab that recommends closing any open browsers prior to editing cookies. We also added improved processing to handle the case where a browser is open so that you do not lose your changes. But we still recommend closing a browser before editing its associated cookies because the major browsers all keep a cache of their cookies and will automatically restore anything they have not themselves removed.

The Malwarebytes research team has determined that Shopperz is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

The Malwarebytes research team has determined that BowserApsv5 is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.